Hacking Post your WiiU cheat codes here!

[Dekirai]

Awesome! Thanks.
I searched online for anything to do with swimming, but I never searched for 'air'. I assume this is from the WWHD trainer?

Edit: I see where you got the code now: https://gbatemp.net/threads/wind-waker-hd-trainer.434995/page-15#post-7474495

I probably want to enable 'Infinite Water Time' as well, right?

no.
Infinite Water Time is only for the Forest Water that has a timer of 30 minutes
The Code will freeze the Timer at 30 minutes

 

[Maq47]

I found the money code for Pokemon Rumble U

2731E4B4 - Money collected

332E41CC - Player 1 Money

332E423C - Player 2 Money

332E431C - Player 3 Money

332E446C - Player 4 Money

P.S. If anyone here has experience using Saviine please PM me, I could really use some advice.

Can anyone test the following code for Pokemon Rumble U (USA)? Go to 'NFC Figure' on the Title Screen and enable the code, exit to the Title Screen, then go back to 'NFC Figure' again. Does it show as having 9,999,999 money in the top-right corner?

9999999 P (Money)
00020000 24794C34
0098967F 00000000

Edit:

no.
Infinite Water Time is only for the Forest Water that has a timer of 30 minutes
The Code will freeze the Timer at 30 minutes

Ah, okay. Thanks for the heads up.

 

[Megabyte918]

I have a question. Is it possible to make complicated cheat codes from C++ rather than raw assembly? Like if I were to make the C++ code then extract the raw assembly during compilation, would said assembly work if I were to convert it to cafe code and run it using JGecko U?

 

[DarkFlare69]

I have a question. Is it possible to make complicated cheat codes from C++ rather than raw assembly? Like if I were to make the C++ code then extract the raw assembly during compilation, would said assembly work if I were to convert it to cafe code and run it using JGecko U?

It should, but I'm no expert. Bully probably knows better:

One thing to keep in mind for writing more complicated ASM codes is that it can be a lot easier to write the code in C for some Wii U homebrew, compile and extract the assembly from the ELF. This let's you do much more complex things easily. Also, with the -03 compilation flag it will be very hard to understand what the assembly actually does due to optimizations (can't hurt really unless you're trying to teach).

 

[BullyWiiPlaza]

I have a question. Is it possible to make complicated cheat codes from C++ rather than raw assembly? Like if I were to make the C++ code then extract the raw assembly during compilation, would said assembly work if I were to convert it to cafe code and run it using JGecko U?

Yes, it should if you write a function in C++ without arguments/return types and compile it. The assembly instructions generated will do what you want so you can copy those from the ELF and use the code wizard to generate the code. This is something that has a lot of potential actually

 

[Megabyte918]

Yes, it should if you write a function in C++ without arguments/return types and compile it. The assembly instructions generated will do what you want so you can copy those from the ELF and use the code wizard to generate the code. This is something that has a lot of potential actually

Oh okay perfect! Thanks @DarkFlare69 and @BullyWiiPlaza for answering my question, this should make making cheat codes a lot easier

 

[BullyWiiPlaza]

Oh okay perfect! Thanks @DarkFlare69 and @BullyWiiPlaza for answering my question, this should make making cheat codes a lot easier

Here you go, I went through all the steps plus added tool support and C/C++ templates

 

[Boss69]

@PandaOnSmack

All finished updating Botw Codes to 1.3.1

for the sake of convenience for myself. I made a LOT of codes based off of the same pointer. And thus some of them became pretty long.

Here are Link's Coordinates, Idk if this is what you need for the Coordinate tracking section or not.

[[[[[0x10938A8C] - 0xB1C] + 0x53C] - 0x15DC] + 0x338] + 0x140

was every single 1.3.0 code remade for 1.3.1? i just don't want to update and then realize that some of them don't work.

 

[skoolzout1]

was every single 1.3.0 code remade for 1.3.1? i just don't want to update and then realize that some of them don't work.

some codes still work between versions, most didnt, the more 'essential' ones didnt.

 

[DarkFlare69]

@BullyWiiPlaza Me and RyDog were trying out the method to create ASM codes from ELF file.

We made a random number generator and used the result as the value in our code, like this:

The example is a random VR generator for MK8.

(Yes, the whole thing was redesigned to be easier to read and more like 3DS plugins)

After compiling, the machine code using your java program was this: 7C0802A69421FFF838802710386000009001000C480004798001000C3D202F74612986607C0803A690690000382100084E800020

I added "3C40010F60426AE07C4903A64E800420" to the end (from cosmo courtneys website, I always put this at the end of ASM codes) and then split it up and turned it into JGecko U format. It froze upon sending the code. I tried clearing all the registers in use as well and it still froze. This is the code:

xor r0,r0,r0
xor r1,r1,r1
xor r2,r2,r2
xor r3,r3,r3
xor r4,r4,r4
xor r9,r9,r9
mflr r0
stwu r1, -8 (r1)
li r4, 0x2710
li r3, 0
stw r0, 0xC (r1)
bl 0x478
lwz r0, 12 (r1)
lis r9, 0x2F74
ori r9,r9, 0x8660
mtlr r0
stw r3, 0 (r9)
addi r1, r1, 0x8
blr
lis r2, 0x10F
ori r2,r2, 0x6AE0
mtctr r2
bctr

Do you know why it's freezing?

 

[PandaOnSmack]

Didn't he say to avoid arguments and return types?

 

[DarkFlare69]

Didn't he say to avoid arguments and return types?

I didn't read that

 

[BullyWiiPlaza]

Do you know why it's freezing?

This is a work-in-progress but first of, you need to write a single function without any parameters (and return values) so the assembly code contains everything at once. This can be done by declaring all sub functions as

static inline

RandomNumber() should be static inline and writeU32() as well. The "base" function randomVR() should be declared as

__attribute__((noinline))

so the compiler generates a function for it instead of inlining it as well in the calling function.

Basically like this:

static inline int random_number(int min_num, int max_num) {
    int result = 0, low_num = 0, hi_num = 0;

    if (min_num < max_num) {
        low_num = min_num;
        hi_num = max_num + 1; // include max_num in output
    } else {
        low_num = max_num + 1; // include max_num in output
        hi_num = min_num;
    }

    srand(time(NULL));
    result = (rand() % (hi_num - low_num)) + low_num;
    return result;
}

__attribute__((noinline))
void randomVR() {
    unsigned int random = (unsigned int) random_number(0, 10000);
    writeInternal((unsigned int *) 0x2F748660, random, THIRTY_TWO_BIT);
}

Next up, you're using library functions and that's bad. Why? The function calls to library are relative so if you move the code (e.g. by putting it into a code) you'll break that so it will probably jump into nowhere and of course freeze.

This looks fine besides the 3 library function calls.

You shouldn't use any library functions unless you can correct them manually but I don't recommend that. You would have to define the address of each function manually in the code to use library functions or you include all the code yourself which is best.

EDIT: Here is a possible solution I came up with.

// TODO Choose any address you want (should have value 0 at first because of the if-check below)
#define RANDOM_NUMBER_SEED_ADDRESS 0x12345678
#define VR_ADDRESS 0x2F748660

static unsigned long *randomNumberSeed = (unsigned long *) RANDOM_NUMBER_SEED_ADDRESS;

static inline int getRandomNumber() {
    *randomNumberSeed = *randomNumberSeed * 1103515245 + 12345;
    return (unsigned int) (*randomNumberSeed / 65536) % 32768;
}

static inline void setRandomNumberSeed(unsigned int seed) {
    *randomNumberSeed = seed;
}

static inline int random_number(int min_num, int max_num) {
    int result = 0, low_num = 0, hi_num = 0;

    if (min_num < max_num) {
        low_num = min_num;
        hi_num = max_num + 1; // include max_num in output
    } else {
        low_num = max_num + 1; // include max_num in output
        hi_num = min_num;
    }

    result = (getRandomNumber() % (hi_num - low_num)) + low_num;

    return result;
}

__attribute__((noinline))
void randomVR() {
    if (*randomNumberSeed == 0) {
        setRandomNumberSeed(1337);
    }
    unsigned int random = (unsigned int) random_number(0, 10000);
    *(unsigned int *) VR_ADDRESS = random;
}

The trick is NOT to use any library functions, to define an address to hold the seed of the random value generator and to set the seed only once at the beginning. Then, every code execution will "randomize" the VR. The assembly code should now work.

EDIT:
Also due to the nature of the C0 code type ALL blr instructions need to be replaced with an always branch to the end of your code:

lis r9,4352
lwz r9,0(r9)
cmpwi cr7,r9,0
bne- cr7,_0x34
lis r10,-31569
lis r8,4352
ori r10,r10,51070
li r9,1199
stw r10,0(r8)
lis r10,12148
ori r10,r10,34400
stw r9,0(r10)
b _END
_0x34:
lis r10,16838
ori r10,r10,20077
mullw r10,r9,r10
lis r9,-11855
ori r9,r9,47385
addi r10,r10,12345
rlwinm r8,r10,16,17,31
mulhw r9,r8,r9
add r9,r9,r8
srawi r9,r9,13
mulli r9,r9,10001
sub r9,r8,r9
lis r8,4352
stw r10,0(r8)
lis r10,12148
ori r10,r10,34400
stw r9,0(r10)
_END:

With all that being said, it is tested and working

VR Randomizer [DarkFlare|Bully@WiiPlaza|RyDog]
C0000011 60000000
3D201100 81290000
2F890000 409E0028
3D4084AF 3D001100
614AC77E 392004AF
91480000 3D402F74
614A8660 912A0000
48000048 3D4041C6
614A4E6D 7D4951D6
3D20D1B1 6129B919
394A3039 5548847E
7D284896 7D294214
7D296E70 1D292711
7D294050 3D001100
91480000 3D402F74
614A8660 912A0000
3C40010F 60426AE0
7C4903A6 4E800420

 

[Don Jon]

^is this for MK8?

 

[DarkFlare69]

^is this for MK8?

Yes

 

[Boss69]

EDIT: Can i have a offline free fly code? for mk8

 

[OuahOuah]

.tk websites is down, does it exists elsewhere ?

Where can I find cheat codes ?

 

[Skeet1983]

Has anyone been able to get codes to work with Paper Mario Color Splash? With J Gecko U, every time I try to connect, the game crashes... Thoughts and help greatly appreciated

 

[TudorBlue]

Right, Ive updated to 5.5.2 as I have Haxchi installed (i have my nand backed up too) and have tried to use TCP gecko. Im trying to uise TCP Gecko on BOTW. I can connect my wiiu to my lappy and send codes to the game using TCP Gecko but none seem to work. Im on Version 1.3.1 of BOTW btw. How can I get the codes to work??? Thanks in advance guys

 

[Dekirai]

Right, Ive updated to 5.5.2 as I have Haxchi installed (i have my nand backed up too) and have tried to use TCP gecko. Im trying to uise TCP Gecko on BOTW. I can connect my wiiu to my lappy and send codes to the game using TCP Gecko but none seem to work. Im on Version 1.3.1 of BOTW btw. How can I get the codes to work??? Thanks in advance guys

The codes may work only on 5.5.1.
Thats with my Wind Waker HD Trainer (and my other trainers) too.